ChatGPT Down As Anonymous Sudan Hackers Claim Responsibility

November 10, 2023

OpenAI suggested that the significant outages on November 8, experienced by users across ChatGPT and the application programming interface, were caused by a suspected distributed denial-of-service attack, and a group calling itself Anonymous Sudan has claimed responsibility.

11/10 updates below. This article was originally published on November 9.

In a Telegram channel posting, the hackers claimed the attack was due to ChatGPT having “a general biasness towards Israel and against Palestine.” Although OpenAI has yet to comment on any attribution for the alleged DDoS attack, Anonymous Sudan is known to favor such attacks against perceived enemies. The Telegram posting accused OpenAI of cooperating with the “occupation state of Israel,” and went on to claim that “AI is now being used in the development of weapons and by intelligence agencies like Mossad.” The hacktivist group added that it will target any American company and said that Israel is employing AI “to further oppress the Palestinians.”

Who Is Anonymous Sudan?
According to Trustwave SpiderLabs researchers, Anonymous Sudan is likely a sub-group of the pro-Russian Killnet threat group. There appears to be little, if any, evidence that the group is financially motivated, and the targets appear to mostly be those that Russia also opposes. The main Anonymous operations groups, such as they are these days, have disavowed any connection with Anonymous Sudan, the researchers say.

11/10 update: Heather Choi, an application security engineer at LogRhythm, adds to the evidence suggesting that Anonymous Sudan is affiliated with Killnet. "Since launching in January of 2023, Anonymous Sudan has claimed attacks across industries, targeting global organizations and agencies," Choi says. It has been reported that, between January 1 and June 20, the threat actors accounted for 63% of DDoS attacks attributed to KillNet.

"While the attacks accredited to this group are often viewed as being politically or religiously motivated," Ian Nicholson, the incident response head at Pentest People, says, "there are also instances where this adversary has conducted attacks as a form of retaliation against messaging services which have restricted their communications."

ChatGPT DDoS Timeline
After users started complaining of ChatGPT being down, an OpenAI incident report was posted at 12:03 PST on November 8, which said the issue was being investigated.

Within 40 minutes, an additional posting to that incident report said that a fix had been implemented and that OpenAI was monitoring the results.

Unfortunately, the results weren’t that positive, as a further update with a 17:23 PST timestamp noted that “periodic outages” were still being experienced.

At 19:49 PST, OpenAI confirmed, “We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this.”

What Does ChatGPT Itself Have To Say?
I asked ChatGPT itself what caused the November 8 outages, just out of morbid curiosity more than anything, and it replied that it wasn’t aware of any. “If there were any issues, it must have been a blip in the digital cosmos that I missed,” the AI stated, adding, “Everything seems to be running smoothly now, though!” And, as evidenced by my question and the ChatGPT answer, it’s correct on that last point at least. I have, of course, approached OpenAI for a statement through the usual channels and will update this story in due course if the current silence is broken.

The Cybersecurity Expert View
“Cybercriminals attack from all angles and are incredibly fearless in their attempts. DDoS attacks are a clever way of targeting a company without having to hack the mainframe, yet the perpetrators can remain largely anonymous,” Jake Moore, the global cybersecurity advisor at security vendor ESET, says.

Given that OpenAI remains one of the most talked about technology companies, and ChatGPT is a technology constantly in the news, the cyber-crosshairs will continue to focus on it. “All that can be done to future-proof their networks is to continue to expect the unexpected,” Moore concludes.

How Do You Defend Against Such DDoS Attacks?
11/10 update: As Donny Chong, a director at Nexusguard, confirms, DDoS attacks are getting larger, and threat actors are constantly evolving their methods to identify new attack vectors. "It is essential that organizations proactively adapt to meet evolving threats," Chong says, "implementing DDoS protection and ensuring that the right processes and people are in place to protect digital infrastructure from surging attacks." Failure to do so, Chong warns, can "wreak havoc on a company's reputation, customer base and bottom line."

When it comes to the right processes, LogRhythm’s Choi suggests that in order for organizations to effectively defend themselves against these evolving DDoS attacks, they need to be proactive. “This includes reducing attack surfaces, caching (such as the use of a content delivery network), incorporating Anycast routing, rate limiting, and real-time threat monitoring,” Choi concludes.